CVE-2024-49790 IBM Watson Studio on Cloud Pak for Data cross-site scripting

IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

CVE-2024-49790 IBM Watson Studio on Cloud Pak for Data cross-site scripting

IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

PT-2025-35089

Name of the Vulnerable Software and Affected Versions: IBM Watson Studio on Cloud Pak for Data versions 4.0 through 5.0 Description: IBM Watson Studio on Cloud Pak for Data is susceptible to a cross-site scripting issue. An authenticated user can inject arbitrary JavaScript code into the Web UI,...

Linux Distros Unpatched Vulnerability : CVE-2022-3920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the U...

Linux Distros Unpatched Vulnerability : CVE-2023-5512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions startin...

Linux Distros Unpatched Vulnerability : CVE-2022-32891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious conten...

Linux Distros Unpatched Vulnerability : CVE-2025-3074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2017-1000122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary proces...

Linux Distros Unpatched Vulnerability : CVE-2024-45598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the Poller Standard Error Log Path parameter in...

Linux Distros Unpatched Vulnerability : CVE-2022-32919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious...

CVE-2025-0092

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-0092

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-0092

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-0092

CVE-2025-0092 : A permission bypass exists in Android’s Bluetooth stack, specifically in handleBondStateChanged of AdapterService.java, caused by a misleading or insufficient UI. This can lead to information disclosure to a proximal attacker without additional execution privileges; exploitation r...

CVE-2025-0092

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-9491 Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2025-52219

SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection...

CVE-2025-52217

The CVE-2025-52217 vulnerability affects SelectZero Data Observability Platform prior to version 2025.5.2. The issue stems from improper handling of user-supplied input in legacy UI fields, enabling HTML injection. Impact is HTML injection via these UI components; attack vector is user interactio...

CVE-2025-52219

CVE-2025-52219 affects SelectZero Data Observability Platform older than 2025.5.2, where an Open Redirect vulnerability exists due to legacy UI fields allowing arbitrary external links via HTML Injection. Affected component is the web UI frontend, with the root cause described as an open redirect...

PT-2025-34774 · Selectzero · Selectzero Data Observability Platform

Name of the Vulnerable Software and Affected Versions: SelectZero SelectZero Data Observability Platform versions prior to 2025.5.2 Description: SelectZero Data Observability Platform contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML...